From: JClark on 8 Jul 2008 06:22

Hello Group:

My system: Desktop and laptop networked through Linksys wired router.

Question: My software firewall (Deerfield Visnetic) is constantly logging blocks of incoming udp packets, the source being 192.168.1.1 (which I presume is the router), destination being 255.255.255.255 or 192.168.1.255.

This doesn't seem to interfere with anything, but just watching the constant bombardment in the logging screen is annoying.

Can anyone explain what is going on here? Or what, if anything, I can or should do about it?

I can set the firewall to block and stop logging all udp packets which do not have a specific rule. This eliminates the constant screen filling. But I'm not sure if I should do this. I really don't understand what is happening, which is why I'm asking for help.

I guess I'm just concerned that my system may not be tweaked properly and could be wasting resources. Perhaps I should change something in the router setup via the web based configuration program.

Here are a couple of the log entries, copied:

2008/07/08, 05:32:18.406, GMT -0400, 2010, Device 3, Blocked incoming UDP packet (no matching rule), src=192.168.1.1, dst=255.255.255.255, sport=520, dport=520

2008/07/08, 05:40:15.921, GMT -0400, 2010, Device 3, Blocked incoming UDP packet (no matching rule), src=192.168.1.1, dst=192.168.1.255, sport=8385, dport=162

Thanks for any explanations, links to sites to educate me, or suggestions.

Jack

From: Ansgar -59cobalt- Wiechers on 8 Jul 2008 08:52

JClark <jclark(a)nomail.invalid> wrote:
> Here are a couple of the log entries, copied:
>
> 2008/07/08, 05:32:18.406, GMT -0400, 2010, Device 3,
> Blocked incoming UDP packet (no matching rule),
> src=192.168.1.1, dst=255.255.255.255, sport=520,
> dport=520

Seems to be a router broadcasting routing information.

> 2008/07/08, 05:40:15.921, GMT -0400, 2010, Device 3,
> Blocked incoming UDP packet (no matching rule),
> src=192.168.1.1, dst=192.168.1.255, sport=8385,
> dport=162

Seems to be a network device broadcasting SNMP messages on the local network. For further information you need to inspect the packets' contents with a protocol analyzer (Wireshark, tcpdump, etc.).

Does your Linksys router have the IP address 192.168.1.1? Unless you need RIP or SNMP on your LAN you should check your router's configuration.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of their architecture they should go back and re-architect their solution."
--Mark Russinovich
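
One way to triage entries like the two quoted above, as an added example that is not part of the original thread: it parses the firewall log format shown in the posts and labels each blocked UDP packet by destination port (520 is RIP, 162 is SNMP trap) and by whether the destination is a broadcast address. The 192.168.1.0/24 subnet, the function names and the third sample line are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample input: the two entries from the original post plus one
# made-up unicast line (198.51.100.7 is a documentation address) for contrast.
SAMPLE_LOG = """\
2008/07/08, 05:32:18.406, GMT -0400, 2010, Device 3, Blocked incoming UDP packet (no matching rule), src=192.168.1.1, dst=255.255.255.255, sport=520, dport=520
2008/07/08, 05:40:15.921, GMT -0400, 2010, Device 3, Blocked incoming UDP packet (no matching rule), src=192.168.1.1, dst=192.168.1.255, sport=8385, dport=162
2008/07/08, 05:41:02.113, GMT -0400, 2010, Device 3, Blocked incoming UDP packet (no matching rule), src=198.51.100.7, dst=192.168.1.100, sport=40000, dport=9999
"""

# Assumption: the LAN is the Linksys default 192.168.1.0/24.
LAN = ipaddress.ip_network("192.168.1.0/24")
# IANA-registered UDP ports relevant to this thread.
SERVICES = {520: "RIP routing update", 162: "SNMP trap"}
FIELD = re.compile(r"\b(src|dst|sport|dport)=([\d.]+)")

def parse(line):
    """Return a dict with src, dst, sport, dport, or None if any is missing."""
    f = dict(FIELD.findall(line))
    if set(f) != {"src", "dst", "sport", "dport"}:
        return None
    return {"src": ipaddress.ip_address(f["src"]),
            "dst": ipaddress.ip_address(f["dst"]),
            "sport": int(f["sport"]), "dport": int(f["dport"])}

def classify(entry):
    """Label one parsed entry as LAN broadcast chatter or something to review."""
    limited = ipaddress.ip_address("255.255.255.255")
    is_broadcast = entry["dst"] in (limited, LAN.broadcast_address)
    service = SERVICES.get(entry["dport"], "unknown service")
    if is_broadcast and entry["src"] in LAN:
        return f"LAN broadcast from {entry['src']}: {service}"
    return f"review: {entry['src']} -> {entry['dst']} udp/{entry['dport']}"

def summarize(log_text):
    """Count how many blocked packets fall under each label."""
    entries = filter(None, map(parse, log_text.splitlines()))
    return Counter(classify(e) for e in entries)

if __name__ == "__main__":
    for label, count in summarize(SAMPLE_LOG).most_common():
        print(f"{count:4d}  {label}")
```

Run over a real export of the log, the counts show whether the screen is filling with the router's own broadcasts or with traffic from other sources that deserves a closer look.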

From: VanguardLH on 8 Jul 2008 09:32

JClark wrote:
> Hello Group:
>
> My system: Desktop and laptop networked through Linksys wired router.
>
> Question: My software firewall (Deerfield Visnetic) is constantly
> logging blocks of incoming udp packets, the source being 192.168.1.1
> (which I presume is the router), destination being 255.255.255.255 or
> 192.168.1.255.
>
> This doesn't seem to interfere with anything, but just watching the
> constant bombardment in the logging screen is annoying.
>
> Can anyone explain what is going on here? Or what, if anything, I can
> or should do about it?
>
> I can set the firewall to block and stop logging all udp packets which
> do not have a specific rule. This eliminates the constant screen
> filling. But I'm not sure if I should do this. I really don't
> understand what is happening, which is why I'm asking for help.
>
> I guess I'm just concerned that my system may not be tweaked properly
> and could be wasting resources. Perhaps I should change something in
> the router setup via the web based configuration program.
>
> Here are a couple of the log entries, copied:
>
> 2008/07/08, 05:32:18.406, GMT -0400, 2010, Device 3,
> Blocked incoming UDP packet (no matching rule),
> src=192.168.1.1, dst=255.255.255.255, sport=520,
> dport=520
>
> 2008/07/08, 05:40:15.921, GMT -0400, 2010, Device 3,
> Blocked incoming UDP packet (no matching rule),
> src=192.168.1.1, dst=192.168.1.255, sport=8385,
> dport=162
>
> Thanks for any explanations, links to sites to educate me, or
> suggestions.

Is UPnP enabled in the router? Try disabling it or check that it is disabled.

http://en.wikipedia.org/wiki/Upnp

From: JClark on 8 Jul 2008 15:05

On Tue, 8 Jul 2008 14:52:22 +0200 (CEST), Ansgar -59cobalt- Wiechers <usenet-2008(a)planetcobalt.net> wrote:

>Does your Linksys router have the IP address 192.168.1.1? Unless you
>need RIP or SNMP on your LAN you should check your router's
>configuration.

Yes, 192.168.1.1 is the router. UPnP and SNMP are disabled. I will try to investigate the packets as you suggest.

Thanks.

Jack

From: JClark on 8 Jul 2008 15:07

On Tue, 8 Jul 2008 08:32:58 -0500, VanguardLH <V(a)nguard.LH> wrote:

>Is UPnP enabled in the router? Try disabling it or check that it is
>disabled.

Yes, UPnP is disabled in the router. I appreciate your help. Still not getting a grasp of the overall situation.

Jack